Information warfare (IW) is an emerging concept that affects the
use  of  automated  systems  and  reflects  the  growing  realization 
that  information  technology  can  be  used  to  gain  an  advantage  over 
other  users.  Since  the  Gulf  War,  the  incidents  of  information 
systems  attacks  have  increased,  especially  in  the  civilian 
environment. Attacks against military systems have gone as far
as  penetrating  sensitive,  previously  secure  systems.  As  this 
threat  against  information-  or  computer-based  systems  becomes 
more  blatant,  it  raises  the  question  of  how  vulnerable  to  attack 
are  our  automated  military  systems.  Emerging  technologies 
promise  greater  speed,  accuracy  and  reliability  for  military 
operations  while  simultaneously  producing  greater  lethality  and 
situation  awareness.  However,  as  the  Armed  Forces  depend  more 
and more on these systems to perform routine and specialized
operations, the risk of penetration, disruption, or even
compromise  becomes  apparent.  While  information  warfare  has  great 
potential  as  a  valid  offensive  tool,  this  paper  explores  the 
threat  to  unified  and  joint  military  operations  from  a  defensive 
information  warfare  perspective.  We  must  first  identify  what  the 
threat  entails  and  design  defensive  procedures  because  this  is 
where  the  greatest  vulnerabilities  lie.  Research  and  development 
of  IW  as  an  offensive  weapon  can  be  pursued  and  funded  along  with 
other  conventional  weapons  programs.  What  is  critical  is 
identifying  weaknesses  and  correcting  them  before  we  become 
victims of information warfare itself.
Introduction


The  Information  Age  is  upon  us  and  will  take  us  into  the 
Twentieth  Century  and  beyond.  One  of  the  strongest  and  most 
pervasive indicators of this is the innovative way people are
using  information  technology. 

As  a  stark  example,  during  the  Persian  Gulf  War  teenage 
Dutch  hackers  (computer  systems  attackers)  penetrated  Department 
of  Defense  (DoD)  computer  systems  34  times.  Although  most  of  the 
breaches  occurred  in  Internet  connections  and  involved  sensitive 
rather  than  classified  information,  the  hackers  were  able  to  move 
about  freely  within  the  systems  and  remained  undetected.  From 
their  home  base  they  were  able  to  change  software  to  allow 
subsequent  access,  altered  then  reproduced  military  information, 
and  even  stored  stolen  information  at  university  sites  in  the 
United States.

Commercially,  in  1995  a  Russian  graduate  student  in  St. 
Petersburg  broke  into  New  York's  Citicorp  computerized  cash- 
management  system  over  40  times.  He  used  the  bank's  automated 
cash  transfer  process  to  move  more  than  $12  million  to  banks 
worldwide  and  at  one  point  had  access  to  Citicorp's  $500  billion 
holdings, before the police caught him.


Further,  in  March  of  this  year,  the  Army's  National  Training 
Center  (NTC)  at  Fort  Irwin,  California  will  host  a  major 
experiment  involving  a  unique  force.  This  force,  a  Brigade-size 
element of the 4th Infantry Division called the EXFOR (for
Experimental Force), will be equipped with the latest in
digitized technology. Virtually all of its vehicles will have
some combination of the Single Channel Ground and Airborne Radio
System (SINCGARS), the Enhanced Position Location Reporting
System (EPLRS), the Battlefield Combat Identification System
(BCIS), the Portable Lightweight Unit Global Positioning System
Receiver (PLGR), and the Force XXI Battle Command for Brigade and
Below (FBCB2). These systems totally automate the organic
communications  capability  of  the  Brigade  and  represent  a  major 
investment  of  the  Army  in  digitization. 

These  accomplishments  are  evidence  both  of  the  increasing 
dependence  on  automated  systems  and  the  concomitant 
vulnerabilities  associated  with  those  systems.  Information 
technologies  have  spawned  a  new,  potentially  dangerous  use: 
information warfare (IW). But is the so-called information
warfare  phenomenon  a  unique  occurrence  or  just  a  passing  fad? 

Does  it  represent  a  viable  threat  to  all  information-based 
systems?  Even  more  important,  is  the  Joint  Community  depending 
too much on the integration of computer- and information-based
technology  to  perform  its  primary  functions,  thereby  opening 
itself  up  to  potentially  catastrophic  disruption  from  Information 
Warfare  attacks?  Finally,  while  research  and  development  of 
offensive  IW  techniques  are  certainly  worth  pursuing,  defensive 
IW  must  take  priority.  It  is  here  that  the  greater  risk  lies, 
not in developing another tool for the warfighter's conventional
weapons  kit  bag.  This  paper,  then,  looks  at  the  threat  to  Joint 
information-based  systems  as  planners  invest  more  and  more  in 
technology  to  conduct  unified,  joint,  multinational  and 
interagency  operations.  The  threat  to  information-based  systems 
is  valid  and  it  affects  how  planning  for  these  types  of 
operations  is  conducted  and  executed. 

What  is  Information  Warfare? 

The  effort  to  define  information  warfare  is  evolving.  In 
his 1995 work on the subject, Martin Libicki offers seven forms
of IW. These are: command and control warfare (C2W),
intelligence-based warfare (IBW), electronic warfare (EW),
psychological warfare (PSYW), hacker warfare, economic
information warfare (EIW), and cyberwarfare. Several of the
terms, such as EW and PSYW, have been used since at least World
War II. What is new is that the terms differentiate the ways one
can use information-based platforms for one's advantage. For
instance,  electronic  warfare  refers  to  both  radioelectronic  and 
cryptographic techniques, such as antiradar and
anticommunications, or operations aimed at disrupting, destroying
or  interrupting  someone's  communications  systems.  Hacker 
warfare,  on  the  other  hand,  refers  primarily  to  attacks  on 
computer-based  systems.  Libicki's  work  is  important  because  the 
author  makes  the  key  point  that  "information  warfare,  as  a 
separate technique of waging war, does not exist." He suggests
that in combination with other conventional forms of combat
information  warfare  can  have  its  most  effective  use.  This  is 
especially  true  of  offensive  information  warfare.  However, 
Libicki  also  discounts  certain  types  of  warfare,  for  example, 
hackers, as a threat to national security.

The  Defense  Department  has  been  wrestling  with  the 
terminology of the Information Age at least since the early 90's.
Because  technology  in  the  IW  field  is  developing  so  rapidly,  it 
is  difficult  to  settle  on  agreed-upon  definitions  that  serve  to 
describe  IW  aspects  before  they  change.  For  instance,  DoD 
Directive S-3600.1, Information Operations (IO), added at least
eight  new  unclassified  terms  between  the  1992  publication  and  the 
9  Dec  96  version  of  Information  Operations.  They  include: 
Computer Network Attack (CN), Information Assurance, Information
Environment,  Information  Operations,  Information  Superiority, 
Information  System,  Information  Warfare,  and  Special  Information 
Operations.  These  represent  a  growing  sophistication  with 
information  warfare  techniques  and  the  realization  by  the  Defense 
Department  that  information  warfare  --  in  the  broadest  sense  -- 
has  the  potential  for  military  application. 

Because  information  is  so  rapidly  evolving,  then,  the 
attempt  to  accurately  define  aspects  associated  with  this 
phenomenon  is  becoming  more  sophisticated,  as  stated  above.  Some 
would argue that definitions in the IW arena are meaningless.
However,  in  order  to  focus  on  the  threat  of  information  warfare, 
it  is  necessary  to  establish  a  start  point. 

In the military arena, in Joint Publication 3-13.1, Joint
Doctrine For Command and Control Warfare (C2W), information
warfare is defined as: "Actions taken to achieve information
superiority by affecting adversary information, information-based
processes, information systems, and computer-based networks while
defending one's own" similar systems.

This  definition  does  several  things.  First,  it  points  out 
that  there  are  actions  that  one  can  take  to  gain  an  information 
advantage over some other information system user. Second, and
conversely, there are also actions that one can take to defend
his  own  systems.  Third,  there  is  a  recognition  (at  least  in  the 
Joint  arena)  that  people  can  use  information  and  information 
systems  as  warfare.  Fourth  and  from  a  military  perspective, 
there are both offensive and defensive aspects to information
warfare.  This  means  that  information  warfare  may  be  a  military 
instrument  of  power  which  warfighters  must  consider  and  both 
defend  against  and  incorporate  in  their  warfighting  "kit  bag." 

Offensive  information  warfare,  although  publications  do  not 
officially  recognize  it  as  such,  is  the  first  half  of  the  Joint 
definition.  Defensive  IW,  the  second  half  of  the  definition,  is 
defending  our  own  systems  against  intrusions,  disruptions, 
denials  of  service  or  other  misuse  of  our  systems  for  other  than 
the  intended  purposes.  For  the  purposes  of  this  paper,  I  will 
concentrate  on  defensive  information  warfare.  What  is  important 
to  understand,  however,  is  that  concepts  of  IW  and  offensive  -- 
defensive  capabilities  are  currently  in  transition.  Also,  as 
technology  and  applications  become  more  sophisticated,  so  too 
will  the  attempts  to  grasp  information  technology's  full 
potential  metamorphose  over  time. 
Nevertheless, in order to determine what information warfare
means  we  first  have  to  look  at  the  environment  that  has  spawned 
this  phenomenon. 

The Information Warfare Environment

It  is  difficult  at  best  to  determine  an  exact  date  when  the 
so-called  Information  Age  began.  It  may  have  begun  when  Man 
first  began  to  write  history.  It  might  have  started  with  the 
invention  of  the  printing  press,  the  telegraph  and  telephone,  or 
even with the invention of the microprocessor twenty-five years
ago.  Suffice  it  to  say  that  the  last  quarter  of  this  century  has 
seen  a  literal  explosion  in  the  use  of  information  technology 
worldwide.

With  the  discovery  that  the  microprocessor  or  computer  chip 
could  store,  process,  and  transfer  information  as  data  or 
bitstreams  faster,  more  accurately,  in  larger  quantities,  and 
more  reliably  than  manual  or  paper  processes,  came  the 
realization  that  this  ability  had  vast  potential  for  information 
processing.  As  shown  in  figure  1,  however,  as  we  use  more  and 
more  information  technology,  the  broad  base  that  supported  the 
Industrial  Age  from  which  we  came,  is  drastically  reduced.  What 
figure  1  dramatically  illustrates  is  not  only  the  focus  on 
information technology but, figuratively, the precarious balance
that  seems  to  emanate  from  dependence  on  that  technology. 


[Figure 1: Industrial Age / Information Age]

Figure 1 legend: Conv. Forces = Conventional, nonnuclear forces; Nuc. Forces = Nuclear forces; ABIS = Army Battlefield Information System; ATDs/ACTDs = Advanced Technology Demonstrations/Advanced Concepts Technology Demonstrations; Jt. Vision 2010 = (The Joint Chiefs of Staff) Joint Vision 2010; C4ISR = Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance; PSN = Public or Packet Switched Network; IT = Information and Information Technology.


Within this Information Age environment are initiatives to
interconnect  individual  processes  to  form  more  efficient 
infrastructures.  Systems  such  as  the  Global  Information 
Infrastructure (GII), the National (U.S.) Information
Infrastructure (NII), and the Defense (U.S. DoD) Information
Infrastructure seek to make it easier to do routine processes
and conduct business more quickly, accurately, and conveniently.
(See  Draft  Joint  Publication  3-13,  Joint  Doctrine  For  Information 
Operations,  21  Jan  97  for  a  discussion  of  how  these  levels  of 
infrastructure interrelate to form the IO hierarchy.) As a
commercial  application,  if  a  person  has  bills  to  pay  which 
require  writing  checks  to  several  locations,  being  connected  to 
those  locations  by  means  that  allow  the  electronic  transfer  of 
funds  has  its  advantages.  The  person  could  potentially  conduct 
those transactions on a home computer, with the appropriate
software,  and  a  modem.  Computer-based  technology  is  easing  the 
lives  of  millions  of  consumers  through  such  convenient  use  of 
technology.  It  is  easy  and  relatively  inexpensive  to  obtain  this 
capability. 

The  Internet  and  World  Wide  Web  are  other  examples  of 
information-based  systems  that  are  becoming  quantitatively  more 
proficient modes of information transfer for increasing numbers
of people worldwide. The Wall Street Journal, in October 1996,
reported  that  the  number  of  U.S.  households  linked  to  the 
Internet  during  the  past  year  doubled  to  14.7  million. 

Electronic  mail  (E-mail)  is  another  recent  capability  that 
is  becoming  increasingly  popular  as  a  means  of  instant 
communications.  The  German  magazine  Stern  predicted  that  E-mail 
"will continue to be the dominant activity on the Internet into
the next century." It predicted the number of E-mail users would
grow to 200 million by the year 2000.

As an example of how information technology has spread,
Chart 1 lists just a small sampling of the many military systems
being  fielded  in  the  Joint  arena. 

CHART  1:  Current  and  Projected  Joint  Computer-Based  Systems 
[Chart 1 legend: ISR = Intelligence, Surveillance, Reconnaissance systems]

The purpose of incorporating this technology in so many of
the  military's  processes  is  to  gain,  in  the  words  of  the  Chairman 
of the Joint Chiefs of Staff, "full-spectrum dominance" of the
battlefield. As the Information Age has shown, developing
technologies  can  add  speed,  reliability,  accuracy,  locations, 
simultaneity  and  depth  to  any  military  system  that  can  be 
automated. 

The  advantages  of  advanced  technologies  for  U.S.  military 
forces  are  that  they  allow  warfighters  to  gain  information  about 
a  physical  battlefield,  about  the  geography,  weather,  opposing 
forces, friendly forces; to communicate near real-time to real-time
information in a variety of redundant, reliable means; to
transfer  that  information  to  anywhere  on  the  battlefield  the 
commander  wants;  to  use  that  information  to  create  extremely 
accurate  targeting  for  weapons  systems;  to  then  guide  precision 
weapons  and  maneuver  forces  to  targets  with  minimal  collateral 
damage;  and  to  deliver  logistics  in  timely,  economical  ways  to 
support  the  warfighter.  More  importantly,  as  the  National 
Defense  University's  Strategic  Assessment  1996  notes:  "The  U.S. 
military's  advantage  in  applying  information  technology  to 
warfare  does  not  derive  from  special  access  to  this  technology 
but from competence at systems integration." Unfortunately,
integration, not security, seems to be the goal of joint
interoperability  initiatives. 

Since  the  end  of  the  Cold  War,  the  U.S.  military  is  moving 
from a threat-based force (formerly facing the Soviet Union) to a
capabilities-based  force.  The  philosophy  is  that  with  the 
uncertainties  of  the  near  future  and  the  absence  of  a  single 
major  "peer  competitor,"  the  U.S.  must  be  prepared  to  face  a 
variety  of  challenges  in  many  forms.  The  ability  to  harness  the 
vast  potential  of  technology,  and  information  technology  in 
particular,  is  one  of  the  reasons  the  U.S.  remains  the  only 
superpower.  Commenting  on  the  current  Quadrennial  Defense  Review 
(QDR), COL Jim Dubrik notes: "America can bring to bear
significant  technological  advantage  to  its  conventional  forces, 
and  it  should.  Ground  maneuver  forces,  artillery,  helicopters, 
surface  missiles,  fixed-wing  aircraft,  surface  vessels,  and 
submarines -- all can be connected via information
technologies."

Another  advantage  of  integrating  Information  Age  technology 
into  military  operations  is  that  we  can  improve  interoperability 
between  the  separate  services.  If  the  U.S.  military  is  going  to 
operate  "jointly"  in  future  operations  (from  combat  to  operations 
other than combat), interoperability has to improve on the
success achieved during Operation Desert Storm. By using the
same  inter-connected  systems,  such  as  the  Global  Command  and 
Control System (GCCS), with standardized protocols and software,
and  by  fielding  such  systems  to  key  decision-makers  in  theaters 
of  operation,  interoperability  will  be  improved.  Incidents  of 
friendly  fire  and  fratricide  will  decrease  as  users  (of  those 
information  systems)  will  have  the  same  "picture"  of  the 
battlefield,  the  same  situational  awareness. 

The  Persian  Gulf  War  is  only  the  beginning  of  the  power  that 
information  technology  can  have  on  the  battlefield.  As  an 
illustration,  in  that  war  information  warfare  (by  U.S.  forces) 
meant knocking out key communications nodes. By striking Saddam
Hussein's  command  and  control  centers  --  his  eyes  and  ears  of 
battle  --  Iraqi  troops  were  cut  off  from  command  and  intelligence 
sources and were left paralyzed against U.S. combat forces. As
former Army Materiel Command (AMC) Commander General Jimmy Ross
put it, "Iraq lost the war before it even began."

Further,  the  ability  to  provide  larger  amounts  of  and  more 
accurate,  more  timely  information  to  friendly  forces  during 
combat  will  allow  U.S.  forces  to  decide  quicker  than  the  enemy; 
to  mass  fires  simultaneously,  more  accurately,  and  in  depth;  to 
react  quicker  and  more  intelligently  to  possible  enemy  moves;  and 
thus, to get inside the enemy's decision cycle to defeat him.
Alan D. Campen, author of The First Information War, wrote of
the  success  that  accurate  information  and  information  technology 
had  in  Desert  Storm.  "Knowledge  came  to  rival  weapons  and  tactics 
in  importance,"  he  said,  "giving  credence  to  the  notion  that  an 
enemy  might  be  brought  to  its  knees  principally  through 
destruction  and  disruption  of  the  means  for  command  and 
control." Truly, information technology can bring accurate,
decisive  power  to  the  battlefield. 

In  a  climate  of  geometrically  advancing  technology,  then, 
with  a  seemingly  endless  potential  to  the  use  of  technology 
backed  by  American  scientific  knowledge  and  industry:  what  is  the 
problem  with  the  use  of  technology?  What,  if  any,  are  the 
vulnerabilities  and  the  risks  associated  with  using  it?  Why  is 
it  even  worth  looking  at  these? 

The  Risks  Associated  With  Information  Technology 

We  can  group  these  risks  into  four  general  categories: 
dependence on information systems, adversarial information
attacks, the nature of information itself, and natural or man-made
disruption.

First,  as  a  tool  of  the  Information  Age,  information 
technology  is  extremely  useful,  convenient,  economical,  and  as 
shown above, when used with intelligence (in the non-military
sense) it can have tremendous advantages for the user. How we
use it, however, may entail some of information technology's
greatest faults. For one, as technology matures, the products
become more affordable, allowing more people to obtain and use
the "technological advantage" that ownership brings over
non-automated processes. Almost anyone who has the money can own
increasingly  more  powerful  computers,  whether  those  users  are 
American,  French,  Iraqi,  North  Korean,  Brazilian,  or  Russian.  A 
computer  does  not  recognize  the  intent,  nationality,  purpose, 
relationship  to  the  United  States,  or  potential  use  of  the 
computer.  Information  technology  is  becoming  ubiquitous.  There 
are  also  no  known  legal  restrictions  to  the  general  sale  of 
computers  in  the  United  States.  Ownership  now  can  include  --  for 
a  price  --  access  to  open  sources  of  information. 

Fielding  policies  currently  in  vogue  in  the  Department  of 
Defense  encourage  proliferation  of  computer  technology.  As  noted 
previously,  the  EXFOR  has  spent  almost  three  years  equipping  its 
Brigade-plus of vehicles and personnel with the latest
information technology in an attempt to maximize the information
advantage. Key military leaders, additionally, support the
integration of information technology. But are we automating
too much? Are we putting all our eggs in the automation basket?
General Ross puts it more succinctly: "The rapid deployment and
synchronization  of  forces,  the  gathering  of  timely  intelligence 
and  the  maintenance  of  a  fast  tempo  of  operations  are  all 
dependent  on  the  transmission  of  accurate  and  timely 
information." The danger is that each user -- which indicates
in  itself  his  or  her  importance  to  the  future  battle  --  must  have 
the  latest  battlefield  information  (on  a  battlefield  that  is 
dominated by information advantage). The consequence is that if
a critical element of that user's situational awareness picture
is  missing,  it  may  cause  that  user  to  take  some  unexpected  (and 
unwanted?)  action.  The  need  to  have  a  complete  picture 
absolutely  mandates  perfect  information  flow.  We  have  thus 
programmed  infallibility  into  our  expectations  of  information 
technology. In the often-heard lament of Signal officers,
heightened expectations of perfect communications in exercises
and in real operations lead to planning for "assured
communications," which in the Information Age becomes assumed
communications.

Another  associated  weakness  of  information  systems  is  that 
too  often  there  is  the  creation  of  a  so-called  single  point  of 
failure  somewhere  in  the  system  or  infrastructure  supporting  the 
system. As an example, the Global Positioning System (GPS), a
satellite-based  worldwide  location  system,  allows  a  commander  at 
any  level  to  theoretically  know  where  any  of  his  subordinate 
elements  (also  equipped  with  GPS)  is,  anywhere  on  the 
battlefield.  U.S.  forces  in  Desert  Storm  used  the  system 
extensively.  It  was  so  successful  and  American  units  relied  on 
it  to  such  an  extent  that  if  and  when  the  system  became 
inoperable,  soldiers  were  unable  to  remember  how  to  use  other 
location  devices,  such  as  the  hand-held  lensatic  compass. So 
dependent  are  U.S.  forces  becoming  on  GPS  for  a  whole  range  of 
systems  from  target  acquisition  to  logistics,  that  the  potential 
for  disaster  is  apparent.  At  a  recent  Army  War  College  seminar 
on  the  Army  After  Next,  the  idea  surfaced  of  shooting  down  the 
satellites  on  which  the  system  is  based,  as  the  first  shot  in 
some  theoretical  future  war.  This  would  have  the  effect  of 
rendering  the  GPS-based  systems  that  the  military  is  investing  so 
heavily  in,  virtually  useless. 

A  second  risk  associated  with  information  systems  is  their 
vulnerability  to  attack.  Although  there  is  some  agreement  as  to 
what constitutes an information attack, there is no doubt that
attacks are occurring and at an increasing rate. The Defense
Information Systems Agency (DISA), charged with collecting data
on such attacks on DoD systems, reported that since 1992 there
have  been  over  38,000  attacks.  Of  these  attacks,  65%  were 
successful.  Further,  of  these  successful  attacks  only  4%  were 
detected  and  only  267  of  these  were  reported. What  is 
remarkable  is  that  these  attacks  were  on  Defense  systems  that  are 
afforded  the  added  protection,  so  to  speak,  of  being  inaccessible 
to  public  scrutiny.  How  extensive  is  the  actual  threat  from 
attack?  The  former  Director  of  Central  Intelligence,  John  M. 
Deutch,  claims  that  "the  degree  of  computer-based  'cyber'  attacks 
is  second  only  to  that  posed  by  nuclear  arms  and  other  weapons  of 
mass destruction." In a warning to Congress about the dangers
of information attacks, Deutch opined that, "the electron is the
ultimate precision-guided weapon."

Admittedly,  the  United  States  is  a  tempting  target  for 
information  attacks.  The  Internet,  which  freely  crosses  military 
as  well  as  commercial  telecommunications  systems,  is  a  valuable 
open source for information. This is rarely, if ever, classified
or even sensitive information. However, it is increasingly a
valuable and easy-to-use source of detailed directions on how to use
a  plethora  of  America's  best  software  products  and  it  has  access 
to  a  wide  variety  of  databases.  Why  not?  The  Internet  was 
designed  to  increase  the  networking  capability  of  database 
systems, to allow user-friendly access, and it is spreading
worldwide.  The  U.S.  is  also  technology-rich,  especially  in 
information  technology.  Organizations  or  single  users  who  can 
gain  access  to  American  information  systems  and  who  can  become 
superusers  (that  is,  able  to  control  access  to  various  parts  of 
the  system)  are  potentially  limited  only  by  their  own  resources 
and  initiative.  So  far,  however,  none  of  the  hackings  that  have 
been  detected  have  indicated  any  conspiratorial  connection, 
organized  pattern,  or  concerted  threat. 

But  how  long  can  this  "passive"  defense  hold?  The  American 
people  once  thought  themselves  isolated  from  terrorist  attacks  on 
this  continent  until  the  World  Trade  Center  and  Oklahoma  City 
bombings.  Can  we  afford  to  be  complacent  about  information 
attacks  that  have,  after  all,  not  claimed  any  lives?  The  danger 
is  not  in  any  information  attack's  "lethality,"  but  what  it 
portends  about  information  systems  and  the  information  that 
travels  along  those  paths. 

The  third  risk  has  to  do  with  the  very  nature  of 
information.  What  the  Information  Age  has  produced  is  a 
heightened  awareness  that  information  is  power.  But  what  is 
important  for  national  security  and  strategic  planners  is  having 
the  right  information,  at  the  right  time  and  in  the  right  place. 
To an adversary, any bitstream of information can potentially be
or  become  a  bitstream  of  intelligence.  In  military  operations, 
planners  usually  discern  operational  trends  after  long  periods  of 
monitoring  an  adversary.  Individual  bits  of  intelligence,  gained 
over  time,  potentially  form  into  a  picture.  An  adept  information 
system  intruder  can  be  anything  from  a  passive  "listener" 
(undetectable  unless  you  are  aware  he  is  listening)  to  an  active 
disrupter. 

Further,  the  information  realm  itself  is  borderless:  it 
knows  no  national  boundaries.  Information  is  not  constrained  by 
time  or  space,  by  law  or  regulation.  "Information  is  fluid," 
says  Professor  George  F.  Stein.  It  is  not  subject  to  physical 
restrictions,  except  the  limitations  of  the  information  systems 
which carry it. Examples of such restrictions are trunk
capacity,  satellite  accessibility,  compatibility  of  equipment, 
and  software  protocols.  It  is  also  extremely  difficult  to  trace 
or  identify  an  attacker  once  he  has  turned  off  his  system. 
Information  flow  stops  when  one  turns  off  the  electricity. 

The  fourth  risk  associated  with  information  systems  is 
disruptions from natural or man-made causes. Though these are
infrequent, certain aspects may be self-induced.
For instance, according to the Defense Science Board's Task
Force  on  Information  Warfare  --  Defense,  the  national  information 
infrastructure is heavily dependent on commercial services, such
as power and natural gas systems. Barry Horton, principal
Deputy  Assistant  Secretary  of  Defense  states  that  fully  "95 
percent  of  military  communications  are  over  commercial 
networks." Many U.S. military installations depend on local
commercial  gas  and  power  lines  as  their  primary  energy  resource. 
The  degree  of  military  control  over  these  external  systems  is 
potentially  degraded  in  times  of  catastrophic  outages.  It  is 
imperative  that  installations  have  effective  back-up  systems  for 
critical  information-based  systems.  Also,  redundancies  in 
cabling  and  in  routing  systems  are  effective  protective  measures. 

In  developing  defensive  measures  against  IW  outages,  we 
should  be  asking  the  following  questions:  What  key  systems  are 
likely  targets  of  attack?  What  critical  infrastructures,  such  as 
power  sources  and  transmission  lines,  should  be  protected?  What 
redundant  infrastructure  capabilities  need  to  be  engineered? 

What  constitutes  an  IW  "attack"?  How  do  users  of  military 
information  systems  (and  potential  targets  of  IW  attacks)  train 
for,  recognize,  and  report  attacks?  Developing  strategies  to 
counter this potential disruption at the lowest level of
operations  will  help  to  ensure  systems  remain  operational. 

One  of  the  potentially  most  damaging  weapons  to  be  used 
against  U.S.  information  systems  is  the  virus.  These  destructive 
engines  are  simply  programmable  codes  that  when  introduced  into  a 
computer  system,  alter  the  operation  of  the  system  itself. 
Viruses,  known  by  such  unique  names  as  "Michelangelo,"  the 
"Morris Worm," and "Meatgrinder," can cause permanent or
temporary damage or disruption to a computer's storage media and
memory areas. The danger of viruses is that any computer system
(military or civilian) is susceptible to a virus attack. They
usually target certain hardware and are therefore effective,
unanticipated and usually undetected until they have been
executed. Lastly, viruses are programs; that is, they are
man-made and not naturally occurring in computer systems. They are
therefore created for a purpose, exclusively injurious to
information systems. Most importantly though, there have so far
been no efforts to outlaw viruses, due to their relatively recent
appearance on the scene.

What  is  the  potential  for  using  a  virus  as  a  weapon?  Two  of 
the  leading  authorities  on  viruses,  Paul  Evancoe  and  Mark 
Bentley, claim that, "The possibility for the employment of CVW
[Computer Virus as a Weapon] [is] only limited by the
imagination. The technology and genius required to develop such
powerful viruses," they state, "exists now."

We  have  looked  at  information  warfare,  the  current 
commercial  and  military  environments  of  the  Information  Age,  some 
of  the  vulnerabilities  and  risks  associated  with  the  use  of 
information  technologies,  and  a  few  of  the  instances  of  actual  IW 
attacks. It is now time to turn to the threat to current
information  systems,  and  particularly  Joint  systems. 

What  is  the  Information  Warfare  Threat  to  U.S.  Joint  Systems? 

The  overall  threat  derives  from  four  sources:  the  absence 
of  a  coherent  national  security  policy  to  combat  IW,  the  nature 
of  U.S.  society  in  the  Information  Age,  the  Information  Age 
environment  itself,  and  the  absence  of  a  significant  external 
conventional weapon threat.

Any  national  security  policy  to  combat  IW  attacks  must 
start  at  the  top.  President  Clinton's  current  statement  on 
national security strategy stresses the intent to protect
American  society  through  a  strategy  of  active  engagement  in  world 
politics,  keyed  to  the  enlargement  of  the  pool  of  democratic  and 
open-market  societies.  However,  it  pays  scant  attention  to 
information warfare.

Although  a  straightforward  information  warfare  declaration 
is  not  part  of  the  National  Security  Strategy,  at  least  at  this 
time,  other  important  processes  address  related  information 
systems  issues.  Two  of  these  are  the  Critical  Infrastructures 
Working  Group  (CIWG)  and  the  President's  National  Security 
Telecommunications Advisory Committee (NSTAC).

Derived  from  the  National  Security  Strategy  and  similarly 
focused, the National Military Strategy, published in 1995,
calls  "winning  the  information  war"  one  sub-component  of  the 
"fight  and  win"  element  of  the  strategy.  It  recognizes  that  we 
can  gain  leverage  by  obtaining  information  systems  technologies 
but  it  stops  short  of  defining  a  specific  process  to  be  followed. 

This  lack  of  a  strategic  agenda  on  IW  policy  is  in  direct 
contrast  to  other  countries,  such  as  Russia. Until  the  White 
House  issues  a  cogent  expression  of  national  will  on  IW,  it  will 
not  receive  national  recognition  as  a  valid  threat. 

The  second  aspect  of  the  IW  threat  is  the  nature  of 
American  society  itself  and  how  this  has  pervaded  somewhat  into 
the  military  environment.  The  United  States,  it  is  no  surprise, 
is  an  open,  trusting  society.  We  have  created  an  involuntary 
glasnost  when  it  comes  to  information  systems  proliferation.  As 
an  illustration,  once  the  two  bombing  incidents  (mentioned  above) 
passed, the American people went back to business as usual. We
become  complacent.  The  information  systems  we  are  obtaining 
welcome  us  to  a  new  world  of  toys  and  opportunities,  in  many 
cases.  The  United  States  must  develop  ways  to  defend  against  IW 
attacks  or  face  the  same  type  of  dilemma  (but  perhaps  not  the 
same  degree)  the  Japanese  people  faced  in  August  1945  when 
President  Truman  ordered  the  atomic  bombing  of  Hiroshima  and 
Nagasaki. Had the Japanese government known of the destructive
power  that  splitting  the  atom  possessed,  surely  they  would  have 
developed  civil  defense  measures  or  at  least  warnings  for  their 
own  people.  Today,  America  faces  the  same  challenge  in  IW.  We 
do  not  truly  know  the  potential  lethality  that  IW  possesses.  We 
will  face  another  Hiroshima  if  we  do  not  develop  means  to  defend 
against IW attacks.

In  the  Joint  arena,  information  technology  promises  great 
advantage  to  our  already  superior  conventional  military  strength. 
The  EXFOR's  efforts  at  the  NTC  will  prove  to  be  a  worthwhile 
investment  in  digitization.  However,  we  must  realize  that 
technology,  especially  information  technology,  is  a  tool  for  the 
warfighter,  not  an  end  in  itself.  What  makes  this  technology  so 
great an addition to the warfighter's array of systems is its
ability to help the Joint Force Commander see and sense better,
communicate with his forces faster, bring decisive firepower and
maneuver to bear more accurately and economically, and achieve
decisive victory -- in whatever format -- with fewer casualties
and with less equipment loss. It will allow commanders to
achieve what FM 100-6, Information Operations, calls "information
dominance." But behind the technology is the human element:
take  away  the  means  of  doing  business  and  we  are  left  with  the 
source  and  the  objective  of  all  power:  people. 

The  Joint  Community  must  also  learn  what  constitutes  an  IW 
attack.  For  example,  cutting  a  transmission  cable  accidentally 
(as is often done in construction) is not necessarily an
information  attack.  Whereas  the  cyber  attack  is  often 
undetectable,  cutting  a  cable  is  usually  not.  This  is  also  why 
an  IW  attack  is  dangerous;  you  cannot  see  it,  locate  it,  tell 
when  it  occurred  or  even  if  an  attack  occurred  at  all. 

Another  perspective  that  we  often  overlook  is  the  fact  that 
the United States is a unique society because it is nearly
self-sufficient. It has many of the natural resources, technology, a
relatively  free  and  open  working  environment  with  two  cooperative 
and  friendly  neighbors  in  Canada  and  Mexico.  In  many  aspects  the 
U.S.  is  able  to  determine  its  own  destiny,  as  it  has  in  the  past 
through  hard  work,  democratic  ideals,  and  a  market  economy.  But 
in an information warfare environment, no one country or people
control information and the means to its use. Access is nearly
unrestricted  to  so  many  of  the  systems  which  connect  American 
society.  For  the  first  time,  America  may  not  be  able  to  control 
its  own  destiny  if  and  unless  it  can  find  the  means  to  control 
the  negative  aspects  of  information  warfare  and  information 
technology. This is why IW is so dangerous. Imagine, for
instance, a country or group that was able to obtain global
information  dominance,  whatever  that  eventually  means.  The 
implications  of  knowing  all  that  your  adversaries  especially  were 
doing,  thinking,  planning  are  staggering.  Information  warfare 
could  become  a  center  of  gravity. 

The  third  component  of  the  threat  is  inherent  in  the 
Information  Age  environment  itself.  Internetting  and  networking 
are  two  of  the  advantages  of  the  technology  of  the  Information 
Age.  The  proliferation  of  new  and  better  ways  to  leverage  that 
technology,  however,  has  not  brought  with  it  the  maturity  to  plan 
for the effective management of that technology. As a glaring
example, few people have asked what will happen if the EXFOR
digitization  effort  does  not  work.  Key  leaders  and  certainly  the 
participants  who  have  invested  the  past  three  years  in  this  great 
experiment  of  integrating  technology  with  advanced  doctrinal 
concepts, certainly have assumed that it will be successful,
albeit  to  differing  degrees  of  success.  Take,  for  another 
example,  the  American  experience  with  the  automobile.  It  was 
invented  and  put  into  production  at  the  turn  of  this  century  and 
we  are  still  killing  ourselves  by  the  thousands  annually  because 
we  have  not  yet  fully  integrated  automobile  usage  in  our  society. 
As  a  more  basic  example,  what  do  you  do  when  the  power  in  your 
home  goes  out  or  your  computer  "crashes?"  We  have  come  to  depend 
on  technology  for  managing  a  large  part  of  our  lives.  We  must 
understand  information  technology  development  as  we  go  along.  We 
cannot  develop  management  techniques  after  the  means  to  use  them 
are  in  every  home  or  mounted  on  every  combat  vehicle  on  the 
battlefield. 

The  last  component  of  the  threat  is  the  lack  of  a  current 
conventional  weapon  threat.  With  the  end  of  the  Cold  War  and  the 
collapse  of  the  Soviet  Union,  the  world  is  finding  that  all  of 
those  regional,  ethnic,  and  nationalistic  passions  that  were 
subordinated to the East-West power struggle were never really
dead and they are now rising to the top of World consciousness.
Information technology has risen to the top of this Post-Cold War
world  because  it  has  such  unlimited  potential  for  both  positive 
and negative reasons. With efforts to denuclearize former
nuclear powers and the threat of large-scale nuclear or even
conventional  conflicts  subsiding,  the  political  focus  is  on 
regional  conflicts.  So,  too,  information  technology  is 
developing  the  hidden  potential  in  information  and  in  systems,  in 
and of themselves, not as tools. This is a dangerous trend that,
if  left  unmanaged  worldwide,  could  lead  to  an  Information  Age 
Pearl  Harbor. 

Conclusion 

The Information Age holds great promise for technological
achievement,  for  the  betterment  of  all  humans  and  for  military 
users  in  particular.  Some  have  theorized  that  with  advanced 
information  systems,  such  as  stand-off  weapons,  long-range 
sensors,  and  unmanned  aerial  vehicles,  the  Joint  arena  might  one 
day  fight  a  war  or  conduct  simultaneous  attacks  in  depth  or  other 
operations  "at  a  distance."  The  air  war  campaign  of  Desert  Storm 
proved  that  with  advanced  technology  we  could  obtain  both  air  and 
information  superiority  and  bring  heavy  damage  to  an  enemy.  What 
was needed to be decisive in that war was the ability to combine
the  technology  of  air  power  with  technology-driven  ground  forces. 
Coalition  forces  could  not  have  achieved  victory  with  personnel 
and  equipment  or  information  technology  alone. 

Americans have become dependent on information technology to
the  point  that  we  find  it  is  difficult  to  live  without  it.  Our 
business  transactions  increasingly  focus  on  electronic  currency 
despite  the  fact  that,  as  shown  above,  banks  have  suffered  at  the 
hands of hackers to those funds transfer systems. Force XXI's
techno-Brigade  is  counting  on  technological  innovations  to  drive 
Twenty-First  Century  tactics,  techniques  and  procedures  as  well 
as  doctrine,  personnel,  and  logistics  initiatives. 

The  United  States  and  the  Department  of  Defense  are  at  a 
crossroads  in  information  technology.  As  the  Defense  Science 
Board  Task  Force  concluded: 

"There  is  a  need  for  extraordinary  action  to 
deal  with  the  present  and  emerging  challenges 
of  defending  against  possible  information 
warfare  attacks  on  facilities,  information, 
information  systems,  and  networks  of  the 
United  States  which  would  seriously  affect 
the  ability  of  the  Department  of  Defense  to 
carry  out  its  assigned  missions  and 
functions. We have observed an increasing
dependence  on  the  Defense  Information 
Infrastructure  and  increasing  doctrinal 
assumptions  regarding  the  continued 
availability  of  that  infrastructure.  This 
dependence  and  these  assumptions  are 
ingredients in a recipe for a national
security disaster."

This is a valid argument. If TF XXI proves that indeed technology
can be integrated successfully into combat operations, then the
Department of Defense needs to adapt the lessons learned BY THE
OPFOR at NTC as examples of what automation can do to us when it
is  aimed  at  US  Forces.  While  it  is  true  that  there  is  probably 
not  a  comprehensive  threat  to  America's  national  security  from  a 
unified  band  of  computer  hackers,  there  is  enough  evidence  to 
prove  that  there  is  an  automation  battle  occurring  in  the 
Information  environment. 

Throughout  history,  when  Man  invented  some  new  technology 
and  discovered  it  could  be  used  as  a  weapon  of  war,  such  as  the 
bow  and  arrow,  gunpowder,  the  railroad,  and  the  like,  the 
adversary  against  whom  these  were  used  had  to  quickly  develop 
defenses  or  risk  annihilation.  New  tactics,  techniques  and 
procedures  had  to  soon  follow,  both  in  the  way  to  use  the  weapon 
offensively  and,  conversely,  in  the  means  to  defend  against  it. 
Man  invented  cavalry,  for  instance,  as  a  means  to  fight  massed 
infantry. Armies then developed the 14-foot pike to defend
against  persons  on  horseback.  Subsequently,  foot  soldiers 
developed  the  compound  bow  and  employed  it  effectively  against 
pikemen.  Armor's  development  then  took  place. 

We  are  now  at  a  point  in  history  when  the  first  "shots"  in 
the  information  war  have  already  been  fired:  hackings,  denials  of 
service,  penetrations  of  Defense  information  systems.  Are  these 
being  created  as  a  reaction  to  or  consequence  of  the  development 
of information technologies? If countries are truly in an
information  "warfare"  environment,  the  next  manifestation  is 
likely  to  be  as  a  counter  to  the  US  advantage  in  information 
technology. 